FORUM: Evolving corruption risks for financial institutions and investment funds
July 2018 | SPECIAL REPORT: WHITE-COLLAR CRIME
Financier Worldwide Magazine
July 2018 Issue
FW moderates a discussion on evolving corruption risks for financial institutions and investment funds between Hannah Musgrave at Bell Gully, David Pasewaldt at Clifford Chance Deutschland LLP, William P. Barry at Miller & Chevalier Chartered, and Sonja Pavic at Osler, Hoskin & Harcourt LLP.
FW: How would you characterise the range of corruption risks currently facing financial institutions (FIs) and investment funds? How have the risks of financial crime evolved in recent years?
Musgrave: FIs and investment funds face corruption risks, internally and externally. A risk common to both is that vulnerabilities in systems will be exploited. External customers may use FIs or investment funds to attempt to disguise traces of their corrupt activities, which may include money laundering. In recent years, the risk of this kind of corruption has risen because markets are moving increasingly rapidly and criminals are becoming more sophisticated. There is also an internal risk that FIs and investment funds’ employees and agents will engage in corrupt activity. Again, systems may be exploited, but it is likely to be easier for employees and agents to do so because they will have better knowledge of those systems. It is essential that FIs and investment funds are flexible and can strengthen their systems to reduce the risk that customers, employees and agents use them to commit financial crime. We have seen an increase in collaborations between public and private entities in New Zealand to address this. Another internal risk is that employees or agents will engage in attempts to influence a government official, including judges, ministers or law enforcement officers, using a bribe.
Pavic: In recent years, the risks of exposure to financial crime have increased due to a number of factors, including technology advances and evolving business practices for FIs and investment funds to consistently refresh their product and service offerings which are provided online. This environment creates evolving opportunities for wrongdoers to exploit and manipulate the processes as face-to-face transactions decline. In addition, Canadian FIs have expanded their business operations across financial service platforms and jurisdictional borders. FIs operating globally, in a broadening range of business activities, face many of the same general corruption risks as other organisations, such as when partnering with third parties and using local agents in countries where there is greater corruption risk. However, there is also additional exposure to risks that are specific to financial services because FIs are often the conduit for processing transactions for their customers, given potential violations of anti-money laundering laws. As a result of these factors, FIs face related regulatory and reputational risk due to accompanying heightened regulatory oversight and activity, increased enforcement and investigations, and more public exposure and reputational risk through social media and the internet. For example, FIs face scrutiny not only in their business operations, but also in hiring practices – such as employing associates of foreign officials in exchange for business. FIs that frequently deal with sovereign wealth funds or public international organisations, such as the World Bank and the International Monetary Fund, should be cognisant that employees of these organisations may be considered public officials for the purposes of anti-corruption laws.
Pasewaldt: FIs and investment funds face a variety of different corruption risks. On the one hand, there may be situations in which decision makers are being granted illegal benefits to influence their decisions as to whether an investment will be made available and, if so, to whom. One prominent example for such a corrupt practice is the former board member at the state bank of the German Federal State of Bavaria, Bayerische Landesbank (BayernLB), Gerhard Gribkowsky, who was sentenced to imprisonment of eight and a half years by the Munich district court in 2012 for accepting a bribery payment of $44m from the then Formula One CEO, Bernie Ecclestone, to secure the sale of BayernLB’s shares in Formula One to a preferred UK-based private equity investor group. Apart from these incidents, a much more common risk is that FIs and investments funds, among others, invest in companies that engage in corrupt practices. In addition to the monetary damages suffered by such investors from the loss of revenue generated from corrupt practices as a consequence of applying a culture of compliance and refraining from such practices after the takeover, and a presumably excessive purchase price, even more severe consequences may threaten specifically under criminal and regulatory offences law.
Barry: FIs and investment funds face a broader range of corruption risks than ever before. Aggressive investigation and enforcement of anti-corruption laws is no longer solely within the bailiwick of the US. Regulators in Europe, Latin America and Asia are committing significant resources to investigating and punishing misconduct. Portfolio company operations, hiring practices, interactions with sovereign wealth funds and other government instrumentalities and third-party entanglements pose challenges for state of the art anti-corruption compliance programmes, let alone antiquated policies and procedures. Recently, the risks of financial crime have evolved as more sophisticated regulators have seized upon money-laundering and economic sanctions enforcement as additional means of punishing perceived misconduct. Risk-averse auditors are demanding internal investigations into evidence of potential misconduct with increasing frequency, and governments are applying pressure for early disclosure.
FW: To what extent has increasing regulatory scrutiny impacted the way FIs and investment funds tackle instances of actual or potential corruption?
Pavic: There is certainly a greater need to ensure that FIs and investment funds take allegations of corruption seriously and respond in a proactive, meaningful way. Enhanced regulatory exposure and media scrutiny, including through social media, has heightened the reputational risk for these entities. Most responsible organisations are taking these issues very seriously and investing in dedicated internal and external experts to improve oversight and controls. Some, however, still seem to take a reactive approach and engage in a ‘box-ticking exercise’ for anti-corruption compliance. Action needs to be taken at an earlier stage – ideally before the situation has escalated to a ‘crisis’. Where instances of actual corruption have been identified, organisations need to develop an appropriate response plan, including considerations such as whether and when to disclose the issue to authorities, how to implement a remediation plan, and review their substantive policies and controls in place. Where an allegation has been made, more and more we are seeing organisations conducting independent investigations to ensure the matter is investigated appropriately. A few years ago, it was more difficult to get buy-in at the board level for these types of proactive responses, but the tide is shifting.
Pasewaldt: Against the background of public notices regarding increased enforcement activity by various investigative authorities on both national and international level, and the pecuniary penalties of currently unknown dimensions imposed for company-related misconduct in the financial sector and against industrial companies, FIs and investment funds have recently placed an even stronger focus on compliance-related topics in the course of M&A processes, such as anti-bribery and corruption. In practice, compliance due diligence develops more as a separate, standalone module of due diligence in relevant transactions. FIs and investment funds apply growing awareness of corruption risks, assess interesting investment opportunities more carefully and are increasingly inclined to refrain from financially attractive investments in case of doubts regarding a target’s compliance with applicable laws and regulations.
Barry: Increasing regulatory scrutiny has led to significant investments in people, technology and processes designed to address actual or potential corruption. Regulators are cooperating and sharing information across borders, often in real time. Investigative reporters are becoming more successful in discovering and reporting on alleged corruption. In response, sophisticated participants in the financial services industry have increased their ability to combat corruption. Improved technology assists with monitoring third-party relationships, transactions and ongoing operations. Internal investigations are now staffed with more experienced personnel or are outsourced to expert firms. Building a culture of compliance is now more than a catchphrase, it is viewed as real risk mitigation. FIs and investment funds have developed robust processes for evaluating next steps when actual corrupt conduct is discovered, including ‘decision trees’ regarding disclosure to regulators, limited partners and the market.
Musgrave: In New Zealand, regulators have adopted a number of measures to address instances of actual or potential corruption. Agencies such as the Serious Fraud Office (SFO) investigate and prosecute instances of serious or complex financial crime, including bribery and corruption. The SFO has powers to compel the production of documents or obtain search warrants to get hold of documents and information relevant to the investigation of serious or complex fraud. If financial crime is treated as a form of corrupt activity, there is also specific legislation to address it. Examples of such legislation include the Anti-Money Laundering and Countering the Financing of Terrorism Act 2009 (AMLCFT), which imposes a number of obligations on FIs and investment funds aimed at preventing corruption. These obligations include carrying out due diligence on customers in order to establish their identity, reporting any instances of suspicious activities, and maintaining records in relation to every transaction carried out. To help entities carry out these obligations, the regulatory bodies responsible for supervising compliance with the AMLCFT issue guidelines on a regular basis, which demonstrate their commitment to involvement in this area. There has also been an increase in the number of prosecutions under the AMLCFT that will put pressure on entities to meet their obligations. These measures have meant that the tackling of actual and potential corruption of their customers by FIs and investment funds is mandatory and carefully monitored.
FW: What strategies do you believe FIs and investment funds need to deploy to quantify and prioritise the corruption risks to which they may be exposed?
Pasewaldt: The starting point of focused and effective compliance due diligence, which has been designed to uncover potential corrupt practices or other misconduct, is an assessment of the risk areas of a target company. Such a risk assessment should identify all relevant information and criteria, including whether the target engages in certain high-risk business areas or risk-imminent geographical areas, whether it has a particular customer base, for example the company only conducts business in the private sector or is also active in the public sector, as well as, in particular, the use of third-party business partners, such as sales agents and intermediaries. In addition, an effective risk assessment and a subsequent compliance due diligence should cover areas beyond anti-bribery and corruption, which may include, in consideration of the target’s risk profile, export control laws and sanctions regulations, anti-money laundering, antitrust, tax compliance and so on.
Musgrave: The quantification and prioritisation of corruption risks relies on detection strategies. FIs and investment funds need strategies to ensure that the nature and extent of any corruption is identified and addressed as quickly as possible. These strategies need to be agile or continuously updated to tackle the evolution of how corrupt activities are carried out. Detection strategies should also be publicised. FIs and investment funds should make employees, customers and third parties aware of their detection strategies to deter would-be perpetrators from engaging in corrupt practices.
Barry: Proactive, documented risk assessments are a critical component of a viable anti-corruption programme. Risk assessments inform the enterprise how best to allocate resources and protect it in the event of a problem, particularly when the problem goes undetected until discovered by regulators or others outside the organisation. FIs should document improvements to processes and controls relevant to anti-corruption efforts and train key personnel to identify and escalate concerns. This allows the enterprise to proactively address risk. It is particularly important to train personnel other than those in legal and compliance functions, such as investment professionals. If possible, FIs and investment funds should train agents and intermediaries, and require such third parties to certify compliance with the anti-corruption compliance programme. The work does not end once an investment or transaction is executed – ongoing monitoring, including ‘boots on the ground’ diligence, will protect the enterprise from post-transaction misconduct.
Pavic: Organisations need to take an enterprise-wide and coordinated approach to identify their risk exposure. There is no one-size-fits-all strategy – the best approach will depend on the size and nature of the organisation, the jurisdictions it operates in and its business activities. A comprehensive corruption risk assessment may include reviewing and assessing the organisation’s past experiences, reviewing annual audit results, analysing data on employee and customer complaints, and engaging senior management to consider trends and priorities.
FW: Are you seeing FIs and investment funds increasing their efforts to better understand customers, competitors, employees and third parties, to reduce opportunities for corrupt activity?
Barry: FIs are leveraging technology through third-party risk management systems and are training their people to understand and make use of the output. While this effort was initially viewed as an anti-corruption mechanism, it has become essential to the effort to combat trade-based money laundering, traditional money laundering and terrorist financing. Investment advisers and others affiliated with investment funds have reacted to recent enforcement actions involving funds and corruption. These actions have focused on direct anti-corruption risks stemming from investments and sovereign wealth fund interactions, liability for personnel in control positions, in addition to those actually committing the conduct, and disclosure to investors regarding use of investor funds and anti-corruption risk. This trend will only increase, as sophisticated investors now include anti-corruption compliance in standard operational due diligence.
Musgrave: In relation to customers, we are seeing FIs and investment funds engaging in increased efforts. Such efforts are required under the AMLCFT in New Zealand. FIs and investment funds are required to collect and retain customers’ personal information, and independently verify it. They are also required to record details of all transactions, such as the amount, date and parties to the transaction. These details can tell you a lot about FIs and investment funds’ direct customers, and the third parties that their customers are dealing with. There are also efforts to better understand the profiles of individuals who engage in corrupt activity by professional service firms, as well as by FIs and investment funds.
Pasewaldt: FIs and investment funds are increasingly aware of corruption risks and they, therefore, are spending more time and effort trying to understand market environments and practices and their competitors. Such efforts enable FIs and investment funds to identify potential weak spots in their own organisations, or at potential target companies, and to tackle relevant risks by implementing appropriate and efficient compliance measures.
FW: What advice would you offer to FIs and investment funds on developing and rolling out anti-corruption controls, policies and procedures across their organisation? Are there any common pitfalls or oversights?
Musgrave: The first thing to note is that we are seeing an increasing number of businesses developing their own controls, policies and procedures to address both internal and external corruption risks. We would offer two key pieces of advice to FIs and investment funds to avoid common pitfalls and oversights. The first is to ensure that the controls, policies and procedures that FIs and investment funds implement are specifically tailored to their business. We would not advise simply copying the practices adopted by another business. In New Zealand, the legislative framework is complex, and obligations vary depending on the nature of a particular business. For example, government agencies have their own anti-bribery and corruption policies with specific requirements. If a business interacts with government agencies, its policies and procedures should also take into account the requirements adopted by those government agencies. If an FI or investment fund operates multinationally, this complicates matters further because controls, policies and procedures will need to meet the requirements of numerous jurisdictions. It is important to accurately assess which obligations apply to your business. Secondly, continuing education is crucial to detecting and preventing corruption.
Pavic: Firms need to be proactive and responsive to evolving regulatory and customer expectations. Anti-corruption controls, policies and procedures need to reflect the current and ever-changing regulatory and legal landscape, as well as keeping up with the fast pace of change in technology and the business environment. A robust anti-corruption programme is one that not only meets the legal requirements of various relevant jurisdictions, but that is also effective on the ground and enforced by management. Organisations should take a good, hard look at their existing policies and examine whether, for instance, the whistleblower policy has actually been effective or whether changes are needed. Common pitfalls include using templates based on one jurisdiction’s laws or outdated policies that are not tailored to the specific needs of the organisation, lack of clarity on responsibilities for compliance and accountability, not taking into account domestic laws and policies of the local jurisdiction where an international FI is operating, inadequate employee training on the policies, and failing to engage the board and senior management in rolling out and enforcing the anti-corruption programme.
Pasewaldt: The implementation of a risk-orientated and robust compliance programme is crucial for FIs and investment funds, as well as for any portfolio companies held by such organisations. In any event, FIs and investment funds should be aware of the various jurisdictions in which they operate, and the relevant legal frameworks that apply to them. For example, the US Foreign Corrupt Practices Act (FCPA) may apply to both corporates and individuals acting anywhere in the world if there is a link to the territory of the US, for which a payment in US dollars may be sufficient. The UK Bribery Act provides similar rules regarding extraterritorial reach. One common pitfall that we often see in compliance due diligence is that when companies fall within the jurisdiction of at least one of these two laws, they adjust their anti-bribery and corruption policies accordingly and consider themselves compliant as the FCPA and the Bribery Act both have a reputation of being strict. While the latter is true for the extraterritorial reach of the two laws, the same may also be true for applicable sets of rules of other states that are less well-known but sometimes even stricter when it comes to the actual requirements of corruption offences, specifically regarding dealings with public officials.
Barry: First, understand the nature of your risks across the enterprise and how they manifest themselves in different aspects of your core businesses. Often, FIs build out anti-corruption compliance controls and processes piecemeal, instead of taking a holistic approach. This is particularly noticeable in the fund space, where the approach is sometimes more reactive than proactive. As a result, a particular investment strategy or geographic risk drives the compliance programme in a manner that may not be practical or effective for other aspects of the business. Second, engage in meaningful debates about the likelihood that particular policies and procedures will be followed. For example, it is not a good idea to require the inclusion of audit rights in every share purchase agreement and then fail to include such a provision or exercise the rights themselves. Finally, obtain regular independent reviews of the programme.
FW: What specific considerations need to be given to reporting channels, whistleblower protections and conducting internal investigations, for example?
Pavic: Having an effective whistleblower policy and process for investigations is a critical component of an organisation’s anti-corruption programme. Generally, a whistleblower policy should provide a framework for making a report under the policy, including what should be reported and to whom. A critical component is the option for reports to be made anonymously, and certain confidentiality protections to the extent possible, with clarity on what circumstances confidentiality may not be maintained. The policy should also provide that the employer is prohibited from retaliating against a whistleblower for making a report. With respect to the reporting channels, it is important that the policy provides for multiple channels such as telephone, online and in-person, and that one of the available channels is independent from management in the event the allegation is against a member of management. Independence and objectivity are very important considerations. If the allegations are serious or if senior management or the board are accused of wrongdoing, it may require direct board involvement – for example by the appointment of a special committee of the board, or assignment of the audit or another standing committee of the board to oversee any responsive investigation.
Pasewaldt: A whistleblower hotline or other channels for anonymous reporting of actual or suspected corrupt practices or other misconduct are typical components of a market-standard compliance programme. In fact, however, various jurisdictions provide for different legal requirements that need to be considered in this regard. Under the laws of one state, whistleblowers may be granted anonymity and be protected from damage claims, termination of an employment contract and other disciplinary sanctions. Furthermore, relevant documents may be exempted from seizure in the case of a dawn raid. Other states, however, may apply a lower level of relevant regulation or provide no protection for whistleblowers at all. FIs and investment funds should be aware of such differences and reflect them in their relevant guidelines and policies. The same is true for rules on conducting internal investigations, voluntary self-reporting of misconduct to the authorities and cooperation with enforcement authorities during investigation proceedings. While some states, including the US and the UK, provide formal rulebooks that lay out the particular requirements and potential benefits of such cooperation, including declinations, penalty discounts and deferred prosecution agreements (DPAs), other states, like Germany, lack a relevant formal framework and, therefore, grant a wide margin of discretion to enforcement authorities instead.
Barry: Credibility is everything when you are dealing with a regulator. Whistleblower hotlines and protections, and the internal investigation process should all be above reproach. Otherwise the firm will risk losing control of an investigation to an untrusting regulator, or paying for an investigation that is far broader than it would have been had the regulator felt it could rely upon the company’s procedures. Developing procedures that protect would-be whistleblowers from the risk of retaliation and place responsibility for evaluating whistleblower allegations with the audit committee or similar board-level committee are important safeguards. Establishing a clear, understandable process for preserving data, conducting investigations and escalating issues when appropriate will save the firm time and avoid confusion when an issue arises.
Musgrave: It goes without saying that those who identify or observe corrupt conduct, for example whistleblowers, should be encouraged to report it. Many businesses rely on whistleblowers as their primary detection mechanism. The factors that are likely to discourage reporting include concerns about the personal ramifications of reporting and a lack of confidence in the process that would follow. Reporting channels and whistleblower protections are factors relevant to the personal ramifications of reporting potential corruption. To provide assurance that no adverse personal ramifications would flow from reporting, policies and procedures could include a variety of reporting channels from which a whistleblower could choose. One such reporting channel could be to a specifically appointed whistleblower protection officer, whose role it is to support the person reporting and ensure their identity remains confidential. Creating such a role would provide some comfort to whistleblowers that there would be no personal ramifications from reporting. In New Zealand, the Protected Disclosures Act sits behind internal policies to provide further assurance that a whistleblower will suffer no personal ramifications.
FW: On a global level, what is the regulatory outlook in the fight against financial crime? Do FIs and investment funds need to maintain a programme of continuous improvement in this area, as they remain on the front line?
Pasewaldt: In recent years, legislators all over the world repeatedly revised their laws on bribery and corruption, as well as other areas of financial crime. In addition, states are increasingly entering into relevant multilateral treaties obliging them to implement uniform minimum standards, such as the Organisation for Economic Co-operation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. Furthermore, anti-bribery and corruption laws are being increasingly enforced. Obvious trends are the further switch of focus by the enforcement authorities beyond the industrial sector to banks and the financial industry, as well as the increasing cooperation of national enforcement authorities with other national authorities, such as tax authorities, and foreign enforcement authorities. Against this background, FIs and investment funds should stay on top of relevant developments and continuously review and amend their guidelines and policies to make sure that they meet all current requirements.
Musgrave: In the future, collaborative efforts between regulators and private entities to tackle financial crime are likely to continue. With the emergence of new entities, such as FinTech businesses, there will be new challenges to address that will require cooperation. FIs and investment funds will be incentivised to work alongside regulators in response to increased customer demand for integrity and the associated reputational risk. We are also likely to see an increase in the activities of organisations, such as Transparency International, aimed at tackling corruption globally. For example, the New Zealand branch of Transparency International is currently reviewing the country’s financial systems to assess whether they effectively address the risk of corruption.
Barry: Pressure on FIs and investment funds will only increase as anti-corruption and other financial crime enforcement ‘goes global’. FIs are on the front lines as potential subjects and as sources of information, as we can see from many current investigations emanating from Brazil, the Netherlands, the US, Switzerland and elsewhere. Increasingly, investment funds are being subject to scrutiny for what fund advisers or managers know about the intended uses of investor money. As criminals and regulators become more sophisticated about the complexities of financial crime, be it corruption, money laundering, economic sanctions violations or other misconduct, participants in the industry will have to ensure that their compliance programmes are keeping pace.
Pavic: The trend is clear – the fight against corruption and other financial crimes has increased significantly in recent years, and various governments are ratcheting up compliance obligations. Governments worldwide have been focusing their resources and effort on developing more effective tools to prevent and investigate financial wrongdoing. Boards and executives need to be vigilant of the changing landscape and continuously assess whether the organisation is equipped to effectively prevent, detect and respond to financial crime within the organisation.
Hannah Musgrave is a senior associate in Bell Gully’s litigation team. Her areas of specialisation include regulatory investigations and prosecution, including white-collar crime. She studied computer crime as part of her Master of Laws at the University of Chicago, and has advised a range of multinational companies on the development of anti-bribery and corruption policies. She can be contacted on +64 9 916 8724 or by email: email@example.com.
Dr David Pasewaldt advises national and international companies in the field of white-collar crime and compliance. In particular, he specialises in conducting internal investigations, defending companies in investigation proceedings and the prevention of criminal risks. His main areas of focus are providing cross-border advice on anti-corruption compliance and the field of criminal capital market law. Dr Pasewaldt regularly publishes articles in professional journals and gives lectures on white-collar crime. He is a lecturer at the Frankfurt School of Finance & Management. He can be contacted on +49 69 7199 1453 or by email: firstname.lastname@example.org.
William P. Barry is a member of the law firm Miller & Chevalier Chartered. He advises boards of directors, corporates and financial institutions on a broad range of issues involving corruption, money laundering, economic sanctions and accounting investigations, as well as related compliance processes. He guides clients through the complex issues involved in responding to inquiries from domestic and international regulators and responding to competing demands in parallel proceedings, such as internal reviews, government investigations and civil litigation. He is a certified anti-money laundering specialist. He can be contacted on +1 (202) 626 5974 or by email: email@example.com.
Sonja Pavic is a litigation associate at Osler, Hoskin & Harcourt LLP, where she practices business-critical civil and commercial litigation and advises on regulatory and enforcement issues and white-collar matters. Her practice has a particular emphasis on regulatory investigations, cross-border class actions, securities litigation, investment treaty arbitration and anti-corruption compliance. She is a member of the firm’s Risk Management and Crisis Response Team and the International Trade and Investment Law Group. She can be contacted on +1 (416) 862 5661 or by email: firstname.lastname@example.org.
© Financier Worldwide